I enable the client vpn on , client vpn subnet to 192.168.8.0/24, dns to google dns, no wins server, secret id, add my self as merkai vpn user
then I setup my android base on the following documentation
https://documentation.meraki.com/MX-Z/Client_VPN/Client_VPN_OS_Configuration#Android
yet it will not connect what am I missing
thanks in advance
What is actually going wrong?
Do you get a username/password prompt?
Does it accept your username/password?
Does perhaps traffic just fail to parse?
Also does your MX connected directly to the Internet and have a public IP address on its WAN port, or is it behind something else doing NAT?
@PhilipDAth wrote:Also does your MX connected directly to the Internet and have a public IP address on its WAN port, or is it behind something else doing NAT?\Its not behind a nat but not dircet it a pppoe modem that connect to internet and the MX is connect to it but I do nto think its bridge \
]
internet ----- pppoe modem with (pppoe accout/password)------MX-----lan
we can surf but not vpn back in
You are going to have to make sure that the ISP device provided is allowing your MX ports for VPN.
Its not "normal" and some ISPs block those ports. At least, that's what some of our users had to do at their house.
Check out this link here. Do you have any log info that you could provide to assist?
You can find it on the left hand menu in your Dashboard under Network Wide and then Event Log.
Also, please do note that if you are testing your VPN you have to be off your network (the LAN from your diagram) to use the VPN on the Android.
Test Here on Internet -----> Modem with Ports 500/4500 UDP Forwarded ----> MX with VPN and Event Log --->LAN
On the Modem also turn on ICMP on the WAN side. Since the MX is the device communicating from UDP 500/4500, those ports need to be forwarded on any devices upstream of the MX, not on the MX itself. Also, I haven't used it from an Android but from Windows I get a lot of users who do not check the right Auth (PAP) so make sure those settings are spot on too and you should be set.
If it doesn't work, show us some logs and we can help you from there.
I would suggest that you check the logs to see if there is any sign of attempted connections from the outside world.
Filter the SA logs with for the event "All Non-Meraki / Client VPN" that will let you see there is any attempted negotiations occurring along with any refusals due to credentials or misconfigured options.
If you see no connection attempts then either the ISP may be blocking VPN connectivity or there the client can't hit the box.
Also not wishing to be silly but you have authorised the account to be a VPN client (not that I wouldn't manage to do such a thing the first time I tried setting it up) and (as was said earlier) make sure that you aren't connected to the Meraki network via Wi-Fi
In case it helps here's the sanitised settings from my SA and Android phone that work great via both the mobile network and public hotspots.